| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 15D3A3858413 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1708703301; | |
| bh=QgSH35XFG0Be9WH+ROpTEvO2ABV3XlIU+fcs1xUOoNc=; | |
| h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: | |
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: | |
| From; | |
| b=VtrNDvCrubS+Uhmr7BljxU184DbeEb0/rggcJCdH7iVnjYCZybvoIU4YHyzynEuzd | |
| 9hP11dz3I5gUbxV/33ueBDhgqBEFq9UMF/RxRF/j+4tgh/vr31NV4HIaVS/BPo+Qkr | |
| w5T3KSe4BQ1LCCc/DF3QkjbNusddXA9eTSEISvJs= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 77B89385841B |
| Date: | Fri, 23 Feb 2024 16:47:22 +0100 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Switching groups with newgrp - how to get the new group with |
| |GetTokenInformation()| ? | |
| Message-ID: | <Zdi-CnGX3CwWA0nl@calimero.vinschen.de> |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <CAKAoaQnFxij4Np-jg+bOLEpiSziCfamFrJ2FR_JeO+Sv_Td2Kg AT mail DOT gmail DOT com> |
| <ZdecXZNUgQ3i0hYN AT calimero DOT vinschen DOT de> | |
| <CAKAoaQ=rCwVHnHAqfd5C3kC45GPE4ZHbbgCWrdM64sojLMuMyA AT mail DOT gmail DOT com> | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <CAKAoaQ=rCwVHnHAqfd5C3kC45GPE4ZHbbgCWrdM64sojLMuMyA@mail.gmail.com> |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.30 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| Errors-To: | cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> |
| X-MIME-Autoconverted: | from base64 to 8bit by delorie.com id 41NFmME0028360 |
On Feb 23 14:03, Roland Mainz via Cygwin wrote: > On Thu, Feb 22, 2024 at 8:11 PM Corinna Vinschen via Cygwin > <cygwin AT cygwin DOT com> wrote: > > On Feb 22 18:38, Roland Mainz via Cygwin wrote: > > > If I switch the current user's group with /usr/bin/newgrp, how can a > > > (native) Win32 process use > > > |GetTokenInformation(GetCurrentThreadToken(), ...)| to find out which > > > group is the new "current group" (e.g. which |TokenInformationClass| > > > should I use) ? > > > > PSID sidbuf = (PSID) alloca (SECURITY_MAX_SID_SIZE); > > NTSTATUS status; > > ULONG size; > > > > status = NtQueryInformationToken (hProcToken, TokenPrimaryGroup, > > sidbuf, SECURITY_MAX_SID_SIZE, > > &size); > > Well, it works in the case of an "hello world" application, but if I > stuff that into the nfsd_daemon (NFSv4.1 ms-nfs41-client client > daemon) it always prints the default primary group, even if the > current thread should impersonate another user - or in this case even > the same user, but a different primary group (e.g. see > https://github.com/kofemann/ms-nfs41-client/blob/master/sys/nfs41_driver.c#L1367). > > Do you have any idea what is going wrong in this case ? Not sure about that. I'm not familiar with driver development under Windows. I'd expect that you get the token of the calling thread or, in this case, process as is. However, did you try this with a primary group SID being part of the token's supplementary group list, or did you try this with some arbitrary group SID? I toyed around a bit with this in user space, and it seems I misinterpreted the results when I added the newgrp(1) tool. The primary group in the token *must* be member of the token's supplementary group list. The fact that it looks like it works in Cygwin to set the pgrp to an arbitrary SID is apparently based on incorrect error handling. I will fix this in the next couple of days. Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |